Detection of Tor traffic using deep learning

Tor, originally known as The Onion Router, is a free software that allows users to communicate anonymously on the Internet. This makes Tor attractive to cyber criminals, and the anonymity provided can be misused by hackers to enable remote control of victim systems. Indeed, a large volume of Tor traffic is used for malicious purposes such as fast port scans, hacking attempts, ex-filtration of stolen credentials, etc. This makes Tor traffic detection an important component of intrusion detection and prevention systems. Hence, in this paper we present a deep neural network (DNN) based system for the detection and classification of encrypted Tor traffic. The system achieved 99.89% accuracy in the classification of Tor and non-Tor traffic on the UNB-CIC Tor network dataset. Experiments conducted for classifying Tor traffic types demonstrated an accuracy of 95.6%, which is 6.2% higher than previous work on the same dataset. Additionally, the robustness of the proposed DNN classifier is evaluated using adversarial samples generated from a Generative Adversarial Network (GAN). We observed that 100% of the adversarial examples were unidentified by the DNN classifiers. Further retraining of the DNN classifiers with adversarial examples eventually improved their robustness against the adversarial attack.